@runsec/mcp 1.0.64 → 1.0.65

package/bin/ensure-binaries.cjs

@@ -370,15 +370,24 @@ async function installSemgrep() {
 }
 
 async function runDownload() {
+  console.error(
+    `[RunSec Debug] ensure-binaries runDownload() PKG_ROOT=${PKG_ROOT} BIN_DIR=${BIN_DIR} platform=${process.platform} arch=${process.arch}`
+  );
+
   if (process.env.RUNSEC_SKIP_BINARY_DOWNLOAD === "1") {
+    console.error("[RunSec Debug] ensure-binaries abort: RUNSEC_SKIP_BINARY_DOWNLOAD=1");
     log("Skipping binary download (RUNSEC_SKIP_BINARY_DOWNLOAD=1)");
     return;
   }
   if (shouldDeferPostinstall()) {
+    console.error(
+      "[RunSec Debug] ensure-binaries abort: shouldDeferPostinstall()=true (npx install deferral)"
+    );
     log("Deferring binary download during npx install (fetched on first MCP start).");
     return;
   }
 
+  console.error("[RunSec Debug] ensure-binaries starting GitHub binary download…");
   ensureDir(BIN_DIR);
   const manifest = {
     platform: `${process.platform}-${process.arch}`,
@@ -403,6 +412,7 @@ async function runDownload() {
 
   fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2));
   rmrf(STAGING_DIR);
+  console.error(`[RunSec Debug] ensure-binaries complete manifest=${JSON.stringify(manifest)}`);
   log("Binary setup complete (see bin/.versions.json)");
 }
 

package/bin/runsec-mcp.cjs

@@ -33,11 +33,14 @@ function optionalEngineResolvable(engine) {
     ? [`${pkg}/bin/${engine}.exe`, `${pkg}/bin/${engine}`]
     : [`${pkg}/bin/${engine}`];
   for (const candidate of candidates) {
+    console.error(`[RunSec Debug] runsec-mcp require.resolve: ${candidate}`);
     try {
-      require.resolve(candidate);
+      const resolved = require.resolve(candidate);
+      console.error(`[RunSec Debug] runsec-mcp optional OK ${candidate} -> ${resolved}`);
       return true;
-    } catch {
-      // optionalDependency not installed
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.error(`[RunSec Debug] runsec-mcp require.resolve failed ${candidate}: ${message}`);
     }
   }
   return false;
@@ -53,21 +56,43 @@ function binariesMissing() {
 
 /** Thin package: skip GitHub download when platform optional @runsec/engine-* packages are installed. */
 function shouldFetchBundledBinaries() {
-  if (process.env.RUNSEC_SKIP_BINARY_DOWNLOAD === "1") return false;
-  if (optionalEngineResolvable("trufflehog") && optionalEngineResolvable("syft")) return false;
-  return binariesMissing();
+  if (process.env.RUNSEC_SKIP_BINARY_DOWNLOAD === "1") {
+    console.error("[RunSec Debug] ensure-binaries skipped: RUNSEC_SKIP_BINARY_DOWNLOAD=1");
+    return false;
+  }
+  const thOptional = optionalEngineResolvable("trufflehog");
+  const syOptional = optionalEngineResolvable("syft");
+  console.error(
+    `[RunSec Debug] optionalEngineResolvable trufflehog=${thOptional} syft=${syOptional} platform=${process.platform} arch=${process.arch}`
+  );
+  if (thOptional && syOptional) {
+    console.error("[RunSec Debug] ensure-binaries skipped: optional @runsec/engine-* packages resolve");
+    return false;
+  }
+  const missing = binariesMissing();
+  console.error(`[RunSec Debug] binariesMissing()=${missing} PKG_ROOT=${PKG_ROOT}`);
+  return missing;
 }
 
-if (shouldFetchBundledBinaries()) {
+const fetchBundled = shouldFetchBundledBinaries();
+console.error(`[RunSec Debug] runsec-mcp startup: shouldFetchBundledBinaries=${fetchBundled}`);
+
+if (fetchBundled) {
+  console.error("[RunSec Debug] Running ensure-binaries.cjs (GitHub download into bin/)…");
   console.log("[runsec] Fetching security engine binaries (first run)…");
   const result = spawnSync(process.execPath, [ensureScript], {
     cwd: PKG_ROOT,
     stdio: "inherit",
     env: { ...process.env, RUNSEC_FORCE_BINARY_DOWNLOAD: "1" },
   });
+  console.error(
+    `[RunSec Debug] ensure-binaries.cjs exit status=${result.status} signal=${result.signal ?? "none"}`
+  );
   if (result.status !== 0) {
     console.warn("[runsec] Binary setup incomplete; scans may use global tools or Docker.");
   }
+} else {
+  console.error("[RunSec Debug] ensure-binaries.cjs not invoked on this startup");
 }
 
 require("../dist/index.js");

package/dist/index.js

@@ -2030,16 +2030,32 @@ function binResolveCandidates(engineName, packageName) {
 }
 function getEngineExecutable(engineName) {
   const packageName = buildOptionalEnginePackageName(engineName);
+  console.error(
+    `[RunSec Debug] getEngineExecutable(${engineName}) platform=${process.platform} arch=${process.arch} __filename=${__filename}`
+  );
   if (!packageName) {
+    console.error(
+      `[RunSec Debug] Unsupported platform/arch for optional engine package \u2014 falling back to PATH: ${engineName}`
+    );
     return engineName;
   }
+  console.error(`[RunSec Debug] Optional package name: ${packageName}`);
   const require2 = (0, import_node_module.createRequire)(__filename);
-  for (const candidate of binResolveCandidates(engineName, packageName)) {
+  const candidates = binResolveCandidates(engineName, packageName);
+  for (const candidate of candidates) {
+    console.error(`[RunSec Debug] require.resolve target: ${candidate}`);
     try {
-      return require2.resolve(candidate);
-    } catch {
+      const resolved = require2.resolve(candidate);
+      console.error(`[RunSec Debug] Found optional package binary at: ${resolved}`);
+      return resolved;
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.error(`[RunSec Debug] require.resolve failed for ${candidate}: ${message}`);
     }
   }
+  console.error(
+    `[RunSec Debug] No optional package binary for ${engineName} (${packageName}) \u2014 falling back to PATH: ${engineName}`
+  );
   return engineName;
 }
 function isOptionalPackageExecutable(engineName, command) {
@@ -2080,14 +2096,29 @@ function getBundledBinDir() {
   return import_node_path9.default.join(getPackageRoot(), "bin");
 }
 function resolveEngineBinary(tool) {
+  const packageRoot = getPackageRoot();
+  const bundledBinDir = getBundledBinDir();
+  console.error(
+    `[RunSec Debug] resolveEngineBinary(${tool}) packageRoot=${packageRoot} bundledBinDir=${bundledBinDir} __dirname=${__dirname}`
+  );
   const optionalCommand = getEngineExecutable(tool);
+  console.error(`[RunSec Debug] Optional resolve result for ${tool}: ${optionalCommand}`);
   if (isOptionalPackageExecutable(tool, optionalCommand)) {
+    console.error(`[RunSec Debug] Using optional-package binary for ${tool}: ${optionalCommand}`);
     return { command: optionalCommand, source: "optional-package" };
   }
-  const bundled = import_node_path9.default.join(getBundledBinDir(), binFileName(tool));
-  if (import_node_fs6.default.existsSync(bundled) && isBundledBinaryRunnable(bundled)) {
+  const bundled = import_node_path9.default.join(bundledBinDir, binFileName(tool));
+  console.error(`[RunSec Debug] Checking bundled path: ${bundled}`);
+  const bundledExists = import_node_fs6.default.existsSync(bundled);
+  const bundledRunnable = bundledExists && isBundledBinaryRunnable(bundled);
+  console.error(
+    `[RunSec Debug] Bundled path exists=${bundledExists} runnable=${bundledRunnable}` + (bundledExists ? ` size=${import_node_fs6.default.statSync(bundled).size}` : "")
+  );
+  if (bundledRunnable) {
+    console.error(`[RunSec Debug] Using bundled binary for ${tool}: ${bundled}`);
     return { command: bundled, source: "bundled" };
   }
+  console.error(`[RunSec Debug] Fallback to global PATH for: ${tool}`);
   return { command: tool, source: "global" };
 }
 function resolveEngineCommand(tool) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@runsec/mcp",
-  "version": "1.0.64",
+  "version": "1.0.65",
   "main": "dist/index.js",
   "files": [
     "dist",